Published Thursday, 05 May 2011
Investigators found a file implicating the "hacktivist" group Anonymous in the security breach that led to the theft of the personal details of more than 100 million online gamers, electronics company Sony has told the US Congress.
In a letter to Congress, Sony said the data theft came at the same time it was defending itself against a cyber-attack from members of Anonymous.
Forensic experts found a file on one of the hacked systems, titled Anonymous, which contained a phrase – "We are legion" – that is sometimes used by the hackers' collective, said Sony chairman Kazuo Hirai in the letter to members of the House of Representatives.
"What is becoming more and more evident is that Sony has been the victim of a very carefully planned, very professional, highly sophisticated criminal cyber-attack designed to steal personal and credit card information for illegal purposes," he told the House commerce committee, who have launched an inquiry into the matter.
Hirai, chairman of the board of directors of Sony Computer Entertainment America, said Anonymous began denial-of-service attacks, which take servers down by overwhelming them with internet traffic, after the company took action against a hacker in a federal court in San Francisco.
"Just weeks before, several Sony companies had been the target of a large-scale, coordinated denial-of-service attack by the group called Anonymous," said Hirai. "The attacks were coordinated against Sony as a protest against Sony for exercising its rights in a civil action in the United States district court in San Francisco against a hacker."
But he said the mass data theft was launched separately and Sony was not sure whether the two cyber-attacks were co-ordinated.
The company also admitted that it discovered a breach in its PlayStation video game network on 20 April but did not report the matter to US authorities for two days and only informed consumers on 26 April.
"Throughout the process, Sony Network Entertainment America was very concerned that announcing partial or tentative information to consumers could cause confusion and lead them to take unnecessary actions if the information was not fully corroborated by forensic evidence," Hirai wrote.
On Tuesday the company admitted the names, email addresses and phone numbers of 25 million Sony Online Entertainment (SOE) customers were stolen in the attack, which also hit 77 million PlayStation Network gamers. Debit card records of 10,700 customers in Austria, Germany, the Netherlands and Spain were compromised in the attack.
"The Sony matter is under active investigation. It involves personnel from the FBI and the justice department who are looking into the matter," US attorney general Eric Holder said. "It is something we are taking extremely seriously."
Anonymous was born out of the influential internet messageboard 4chan, a forum popular with hackers and gamers, in 2003. The group's name is a tribute to 4chan's early days, when any post to its forums made without a name was ascribed to Anonymous.
It came to public prominence in December, when members briefly brought down MasterCard, Visa and PayPal after those companies cut off financial services to WikiLeaks.
guardian.co.uk © Guardian News and Media 2011